Starting Point : Oopsie

Hello all, I am stuck on the Oopsie starting point lab at the point where I am supposed to use Burp Suite to manipulate the cookie id and then login as a super admin.

I don't understand how to use burp to update the url?

Help would be appreciated.

Tagged:

Comments

  • sup, i`m facing the same problem.

    After run the attack with burp, i got the super admin ID but idfk how to send the manipulated data to the website to logon at the upload section.

  • edited June 12

    I tried accessing in the firefox and got the upload page in the browser 'console' atleast. Go to the general 'uploads' page. It will still show that you require super admin rights. So open the developer window (F12) and go to the Network tab. Choose the GET request related to upload. On the right side pane that opens, do an 'edit and resend', cin the Request headers, change the Cookie:user={super admin user id}. Clisk the send button.

    Now you can see the Response tab of the same developer mode that you can see the actual Uploads Page with option to upload file #oopsie

  • Type your comment> @xpkiro said:
    > Hello all, I am stuck on the Oopsie starting point lab at the point where I am supposed to use Burp Suite to manipulate the cookie id and then login as a super admin.
    >
    > I don't understand how to use burp to update the url?
    >
    > Help would be appreciated.

    Google 'burp suite intruder sniper attack' or something like that. It should bring you in the right ballpark.

    If you haven't done already, you may also want to check out "configuring burp suite proxy firefox", before that.

    Best of luck.
  • edited August 1

    HI from HK's beginner. Make sure the intercept is on, on the burp's proxy options

  • @abaddontsoi said:
    HI from HK's beginner. Make sure the intercept is on, on the burp's proxy options

    then change the user id to wut u have got, and press forward button to send.

Sign In to comment.